var express = require('express');
var router = express.Router();
var comments = {};

function html_encode(str) {
  var s = '';
  if(str.length == 0) {
    return "";
  }
  s = s.replace(/&/g, "&gt;");
  s = s.replace(/</g, "&lt;");
  s = s.replace(/>/g, "&gt;");
  s = s.replace(/\s/g, "&nbsp;");
  s = s.replace(/\'/, "&#39;");
  s = s.replace(/\"/, "&quot;");
  s = s.replace(/\n/g, "<br>");
  return s;
}

/* GET home page. */
router.get('/', function(req, res, next) {
  res.set('X-XSS-Protection', 0);   /*加上这个就阻止了浏览器阻止XSS的默认设置*/
  res.render('index', { title: 'Express' });
});

router.get('/comment', function(req, res, next) {
  comments.v = req.query.comment;

});

router.get('/getcomment', function(req, res, next) {
  res.json({
    comment : comments.v
  });
});
module.exports = router;
